fix: account connect origin #13394

Open
wants to merge 21 commits into
base: main

Contributor

@joaoloureirop joaoloureirop commented Feb 6, 2025

Description

The purpose of this task is to make a security improvement for dapps permissions request.

Related issues

Fixes: https://github.com/MetaMask/mobile-planning/issues/2096

Screenshots/Recordings

Before

android-spoofing-before.mov

After

permissions-summary-origin-spoofing-after-android.mov

Pre-merge author checklist

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

Contributor

github-actions bot commented Feb 6, 2025

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@metamaskbot metamaskbot added the team-mobile-platform Mobile Platform team label Feb 6, 2025
@joaoloureirop joaoloureirop added the Run Smoke E2E Triggers smoke e2e on Bitrise label Feb 6, 2025
@joaoloureirop joaoloureirop marked this pull request as ready for review February 6, 2025 18:19
@joaoloureirop joaoloureirop requested a review from a team as a code owner February 6, 2025 18:19
@joaoloureirop joaoloureirop added Run Smoke E2E Triggers smoke e2e on Bitrise and removed Run Smoke E2E Triggers smoke e2e on Bitrise labels Feb 6, 2025
@joaoloureirop joaoloureirop force-pushed the fix/account-connect-origin-spoof branch 2 times, most recently from 0ea1004 to d3868d6 Compare February 10, 2025 10:31
@joaoloureirop joaoloureirop added the Run Smoke E2E Triggers smoke e2e on Bitrise label Feb 10, 2025
@joaoloureirop joaoloureirop added Run Smoke E2E Triggers smoke e2e on Bitrise and removed Run Smoke E2E Triggers smoke e2e on Bitrise labels Feb 10, 2025
@joaoloureirop joaoloureirop force-pushed the fix/account-connect-origin-spoof branch from d3868d6 to 5d84838 Compare April 7, 2025 13:50
@joaoloureirop joaoloureirop marked this pull request as draft April 7, 2025 13:54
@MetaMask MetaMask deleted a comment from github-actions bot Apr 9, 2025
@MetaMask MetaMask deleted a comment from github-actions bot Apr 9, 2025
@smilingkylan smilingkylan marked this pull request as ready for review April 9, 2025 21:57
@MetaMask MetaMask deleted a comment from github-actions bot Apr 15, 2025
@smilingkylan smilingkylan added Run Smoke E2E Triggers smoke e2e on Bitrise and removed Run Smoke E2E Triggers smoke e2e on Bitrise labels Apr 15, 2025
Contributor

github-actions bot commented Apr 15, 2025

https://bitrise.io/ Bitrise

✅✅✅ pr_smoke_e2e_pipeline passed on Bitrise! ✅✅✅

Commit hash: d8e35eb
Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/6a10ed28-c67f-45f7-ba1d-56e5144d3e6d

Note

  • You can kick off another pr_smoke_e2e_pipeline on Bitrise by removing and re-applying the Run Smoke E2E label on the pull request

Contributor Author

@joaoloureirop joaoloureirop left a comment

unit tests look good to me

smilingkylan previously approved these changes Apr 16, 2025
@joaoloureirop joaoloureirop enabled auto-merge April 17, 2025 08:00
@metamaskbot metamaskbot added the INVALID-PR-TEMPLATE PR's body doesn't match template label Apr 17, 2025
Contributor

@Cal-L Cal-L left a comment

left some comments

@@ -194,7 +189,7 @@ const AccountConnect = (props: AccountConnectProps) => {
dappHostname = title;
} else if (!isChannelId && (dappUrl || channelIdOrHostname)) {
title = prefixUrlWithProtocol(dappUrl || channelIdOrHostname);
dappHostname = inappBrowserOrigin;
dappHostname = channelIdOrHostname;
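
Review bot: in the `else if (!isChannelId && (dappUrl || channelIdOrHostname))` branch, `title` falls back through `dappUrl || channelIdOrHostname` but the `dappHostname = channelIdOrHostname;` assignment has no fallback, so when only `dappUrl` is set the branch is entered with an empty `dappHostname` and a `title` taken from a different source. Derive both from one value, and add a comment on the assignment saying why that source is used rather than `inappBrowserOrigin`, since the difference between the two is not evident from the hunk.
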
Contributor

What was the before and after of this value? Wanted to understand how this piece broke the behavior before

Contributor Author

Unsure if I understand your question.

inappBrowserOrigin comes from const inappBrowserOrigin: string = useSelector(getActiveTabUrl, isEqual); which reacts to url changes on the active tab

channelIdOrHostname is a navigation param set when navigator.navigate is called. It won't react to url changes on the active tab
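
The difference between the two sources described in the reply above, as an added example that is not part of the PR or of MetaMask's code. `ActiveTabStore`, `openPrompt`, `displayedMatchesGrant` and the `.example` hostnames are assumptions constructed for the illustration.

```typescript
// Added illustration: ActiveTabStore, PermissionRequest and the *.example
// hostnames are constructed here and are not MetaMask code.

// Stand-in for state that follows the active tab (the role the thread
// gives to useSelector(getActiveTabUrl)).
class ActiveTabStore {
  private url: string;
  constructor(initialUrl: string) {
    this.url = initialUrl;
  }
  getActiveTabUrl(): string {
    return this.url;
  }
  navigate(url: string): void {
    this.url = url;
  }
}

// Stand-in for navigation params: fixed when the prompt is opened.
interface PermissionRequest {
  readonly channelIdOrHostname: string;
}

function openPrompt(requesterUrl: string): PermissionRequest {
  return { channelIdOrHostname: new URL(requesterUrl).hostname };
}

// Hostname each source yields at render time.
function fromNavigationParam(req: PermissionRequest): string {
  return req.channelIdOrHostname;
}
function fromActiveTab(store: ActiveTabStore): string {
  return new URL(store.getActiveTabUrl()).hostname;
}

// Consistency check: the hostname shown must be the one the grant is
// recorded against; otherwise the prompt should be dismissed.
function displayedMatchesGrant(displayed: string, grantedTo: string): boolean {
  return displayed.toLowerCase() === grantedTo.toLowerCase();
}

function simulate() {
  const store = new ActiveTabStore("https://dapp-a.example/connect");
  const req = openPrompt(store.getActiveTabUrl());
  store.navigate("https://dapp-b.example/"); // tab changes while prompt is open
  const param = fromNavigationParam(req);
  const live = fromActiveTab(store);
  return { param, live, consistent: displayedMatchesGrant(live, param) };
}
```

A unit test for the prompt can assert the same property: after the tab URL changes, the hostname rendered still equals the hostname the permission is stored under.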


Quality Gate failed

Failed conditions
76.9% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

@NicholasEllul NicholasEllul requested a review from a team April 30, 2025 13:42
Labels
INVALID-PR-TEMPLATE PR's body doesn't match template Run Smoke E2E Triggers smoke e2e on Bitrise team-mobile-platform Mobile Platform team

4 participants